At the end of it all, we were able to get a remote root shell from a vulnerable Apache Tomcat service. In a real world pentest scenario, we would try to explore the machine and retrieve as much sensitive information as possible. We could even use this machine to pivot into the entire Network.